Related Links

On Wednesday President Obama released his intelligence review group’s final report, including 46 recommendations for reforming government surveillance. But of the 46, there’s only one that the president preemptively rejected: splitting command responsibility for the National Security Agency (NSA) and US Cyber Command (CYBERCOM).

Separating the two jobs has been debated essentially since they were joined when CYBERCOM was formed in 2009, with some arguing that the combined position bestows too much power on one person, and others saying that the two groups need to pool resources to guarantee effectiveness. There had also been an expectation that the two would likely be split given the symbolism it would provide as proof of the seriousness of reform. But the fact that the recommendation was singled out for early rejection raises the question as to whether it would actually change anything.

“To the degree that it’s a political problem, it seems to say that you’re doing something,” said General Michael Hayden, former Central Intelligence Agency and NSA director. “As a practical matter, it doesn’t do much. I don’t think it does much whatsoever, but that doesn’t mean it’s a bad idea.”

Splitting the roles would be one of the more visible and dramatic displays of reform that the Obama administration could make, although now that the president has ruled out the change he may need to look at other options to mollify the public.

Hayden said that the combined responsibilities are too much for any one person to handle, and that dividing the job might be a good idea for that reason alone.

But the idea that splitting the two jobs would alter US surveillance programs was rejected by several experts. New leadership could still easily spy on a variety of forms of communication, and a change that would truly protect privacy would likely require alterations in policy more than structure. Other ideas from the review group, such as increasing the barrier for surveillance warrants and adding a public advocate to secret courts, would likely have a much greater impact on the system.

“We’ve got to figure out this privacy thing, but breaking apart NSA and CYBERCOM doesn’t do that,” said Jeff Moulton, a cyber-researcher at Georgia Tech Research Institute.

Moulton said that his larger concern is that by splitting the two jobs, the attackers and defenders would be separated diminishing their respective skills.

“NSA is all about collecting intelligence, CYBERCOM is about protecting our resources and exploiting others,” he said. “The best way to do exploitation is to understand how to defend your own networks. So the separation of church and state from that perspective doesn’t necessarily make sense.”

And not only might skills be lost, but the cost could be large.

“We spent a lot of time getting to where we are, and a boatload of money,” Moulton said. “Do we lose all the synergies we’ve gained over the last couple of years?”